ISO’s new standard on privacy by design (ISO 31700)

Feb 3, 2023 7:00:00 AM | Data Privacy ISO’s new standard on privacy by design (ISO 31700)

An important step that will lead to the growing importance of privacy on an international level is about to take place this month. On February 8 2023, the International Organisation for Standardization (ISO) will adopt ISO 31700 on privacy by design, a new worldwide privacy standard for consumer goods and services.

The new standard provides guidelines for organisations to take into account the privacy of a consumer throughout the design, development and the rest of the product lifecycle. The aim of the standard is to help organisations protect the privacy of personal data and ensure that their products and services are in line with relevant privacy regulations.
ISO is an international organisation of national standards bodies, also known as ISO member bodies, that develop and publish international standards. A famous standard among the total of 24,000 standards is ISO 27001, which is the world’s best-known standard for information security management systems (ISMS). 

ISO 31700 features 30 high-level requirements and guidance on privacy by design principles. One of the key concepts covered in ISO 31700 is the privacy impact assessment (PIA). PIAs are a means of assessing the potential impact of a new product or service on privacy and of identifying and mitigating privacy risks before the product or service is launched. This proactive approach to privacy protection is designed to minimize the risk of harm to individuals and to ensure that privacy is protected throughout the lifecycle of the product or service.

Canadian Information and Privacy Commissioner Ann Cavoukian, who first published privacy by design in 2009, described privacy by design as follows: “Privacy by design advances the view that the future of privacy cannot be assured solely by compliance with regulatory frameworks; rather, privacy assurance must ideally become an organization’s default mode of operation.”

Over the years after first published in 2009, privacy by design has been adopted by the Data Protection Authorities and the International Assembly of Privacy Commissioners and incorporated in the GDPR. This means that until now, only organisations who hold data of European residents need to comply with these rules. This will change from February 8 onwards, when ISO includes privacy by design in its standards and makes it an international privacy standard. 

If you would like to learn more about this new standard and its implications for your organisation, we invite you to attend our online event, where our experts will update you on this development. Register today to secure your place!